Researchers scanning the internet for vulnerable embedded devices have found nearly 21,000 routers, webcams and VoIP products open to remote attack. Their administrative interfaces are viewable from anywhere on the internet and their owners have failed to change the manufacturer’s default password. [Works with sites like this one: http://www.phenoelit-us.org/dpl/dpl.html Bob]

… Someone broke into the car of an employee working for an InertLogic customer and stole the laptop, which had work and personal information on it.

Months went by [too often the case Bob] before anyone realized that technology InertLogic uses to help manage equipment remotely was sitting on the laptop and could be flipped on to monitor it. The technology, from Kaseya, captures screenshots from remote machines and can be used to install keyloggers, as well as record audio and images from a Webcam.

Fleener relied only on the screenshots that were captured every 5 or 10 seconds to see what the user of the laptop was up to. Within a short time, he learned the name, address, and other sensitive information about the man using the laptop. (Fleener is careful not to accuse the individual of being the thief because there is no proof of that.) [Is that why the keylogger wasn't turned on? Bob]

The man visited Facebook, MySpace, and other social networks, according to Fleener. He used Google to search for auto parts and did queries on how to remove security tags from merchandise. He looked at porn and made pirate copies of DVDs, including "Harry Potter and the Half-Blood Prince." Every time the laptop went online, typically on weekend nights and never on Tuesday, Fleener and others got paged.

Benjamin Lavalley, a senior engineer at Kaseya, figured out that by looking at the nearby Wi-Fi access points and doing an online map search, they could try to find out the exact location of the laptop.

Interesting, but if Congress investigated every government entity that failed to do their job they'd have no time to do anything they like (like fund raising)

EPIC joined the Privacy Coalition letter sent to the House Committee on Homeland Security urging them to investigate the Department of Homeland Security’s (DHS) Chief Privacy Office. DHS is unrivaled in its authority to develop and deploy new systems of surveillance. The letter cited DHS use of Fusion Center, Whole Body Imaging, funding of CCTV Surveillance, and Suspicionless Electronic Border Searches as examples of where the agency is eroding privacy protections.

The Coalition’s letter argues, in part:

The primary statutory duty of the Chief Privacy Officer is to assure “that the use of technologies sustain, and do not erode, privacy protections.” [5] The CPO has not done so, focusing instead almost exclusively on the fourth statutory duty, conducting a “privacy impact assessment” [6] on each Department action. The structure of the annual report reveals the Office’s confusion of these two duties, to the detriment of the former. The report notes that the Office “is divided into two major functional units: Privacy Compliance; and Departmental Disclosure and FOIA.” [7] The report claims that the Compliance Group “manages statutory and policy-based responsibilities by working with each component and program throughout the Department to ensure that privacy considerations are addressed when implementing a program, technology, or policy.” [8] This description should encompass the fulfillment of the statutory responsibility to prevent erosion of privacy. Yet the section of the annual report entitled “Compliance” barely discusses ways in which the Office has done so; it focuses almost entirely on the conducting of assessments. [9] In fact, the “Privacy Compliance Process” graphic describes the process as containing Review, Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), and if necessary, a System of Records Notice (SORN), followed by a repetition of the cycle after three years for programs still in force. [10]

Looks like the school is screwed, unless “dropping” the phone is the same as “using” the phone and at the same time creates “reasonable suspicion”

Owensboro High School violated the Constitution by confiscating a student’s cell phone after it slipped from his pocket during class, and expelling him because of the text messages that school officials read on it, the student’s family claims in Federal Court.

The student, identified only as G.C., says his teacher confiscated his phone “pursuant to school policy,” on Sept. 2. The teacher, the principal and two assistant principals then performed a “warrantless and illegal search” by reading the text messages on the phone, the family says.

The family says G.C. was expelled “as a result of the warrantless and illegal search.”

Although students have the right to freedom from unreasonable search and seizure, school officials have the right, under the law, to search students or their property when there is a reasonable suspicion they have something that violates school rules or endangers others.

Searches may include the student, his/her locker, desk, automobile, cell phone or other personal belongings. The Police Detection Canine Team may conduct random and unannounced searches of general school areas, including school lockers and parking lots.

A school official having reasonable suspicion that the student is in possession of a weapon may use a hand-held metal detector.

[...]

Possession of Telecommunication Devices Prohibited

Under state law (KRS 158.165), a student in the Owensboro Public School District may not activate a telecommunications device on school property or while at a school-related activity or school sponsored activity during the regular school hours unless he/she is acting in the capacity of a volunteer fire fighter or emergency medical service worker.

“Telecommunication devices” refers to devices that emit an audible signal, vibrate, display a message, or otherwise summon or deliver a communication to the possessor, including, but not limited to, a paging device and a cellular telephone. This offense will be treated as “refusal to follow directives” under the Code of Acceptable Behavior and Discipline.

Reference KRS 158.165

Consequences for Violation of the Policy

1st Offense – The school administrator will confiscate the telecommunication device. A required parent conference must take place before the telecommunication device is returned.

2nd Offense – Same as 1st offense with the option of in-house suspension for 4 days. The student loses the privilege to carry a device for the remainder of the year.

3rd Offense – Same as 2nd offense with the option of in-house suspension for 7 days.

4th Offense or more – Forfeit telecommunication device and suspend to a hearing with the DPP.

Disciplinary options:

One of the less appealing aspects of using cloud services is integrating various applications--both those in the cloud and those in your enterprise in an easily manageable way. A practical use case is the ability to use one CRM (customer relationship management) system and a different file storage system, both in the cloud.

So, Friday when I saw that Box.net was directly integrating its cloud-based storage service with Salesforce.com, I saw the confluence of two major trends, cloud storage and integration appear all in one fell swoop.

… It sounds rather mundane, but it is the future of collaboration. Customers want to use best-of-breed solutions and be able to directly integrate with their applications of choice without being forced to use a third-party integrator.

FCC Seeks Public Input on Draft Rules to Preserve the Free and Open Internet

News release: "In the next chapter of a longstanding effort to preserve the free and open Internet, the Federal Communications Commission is seeking public input on draft rules that would codify and supplement existing Internet openness principles. In addition to providing greater predictability for all stakeholders, the Notice is aimed at securing the many economic and social benefits that an open Internet has historically provided. It seeks to do so in a manner that will promote and protect the legitimate needs of consumers, broadband Internet access service providers, entrepreneurs, investors, and businesses of all sizes that make use of the Internet."

FCC Announces Release of Report on Barriers to Broadband Adoption by the Advanced Communications Law & Policy Institute

News release: "The Advanced Communications Law & Policy Institute (ACLP) at New York Law School has released a report identifying major barriers to broadband adoption among senior citizens and people with disabilities, and across the telemedicine, energy, education, and government sectors. This report was prepared in coordination with staff of the Omnibus Broadband Initiative (OBI) for use in the development of the FCC's National Broadband Plan."

A spear-phishing experiment conducted during the past few days by a researcher has netted some disturbing results: Most major enterprise email products and services were unable to detect a fake LinkedIn invitation on behalf of "Bill Gates," which landed successfully in users' inboxes.

… "I tested [this on] six different enterprise networks using the latest email security technology from most of the major vendors, and not a single one picked up on the spoofed email," Perrymon says. He has written a white paper on the attack and plans to reveal the vendors in the test after he has contacted them and received their responses.

Perrymon says he tested 10 different combinations of email security appliances, services, and open-source and commercial products; four major client email products; and three major smartphone brands.

Posted by Soulskill on Friday October 23, @10:01PM from the one-for-you-and-two-for-me dept.

filesiteguy writes

"Wired is reporting that the Open Source Digital Voting Foundation has announced the first release of Linux- and Ruby-based election management software. This software should compete in the same realm as Election Systems & Software, as well as Diebold/Premiere for use by County registrars. Mitch Kapor — founder of Lotus 1-2-3 — and Dean Logan, Registrar for Los Angeles County, and Debra Bowen, California Secretary of State, all took part in a formal announcement ceremony. The OSDV is working with multiple jurisdictions, activists, developers and other organizations to bring together 'the best and brightest in technology and policy' to create 'guidelines and specifications for high assurance digital voting services.' The announcement was made as part of the OSDV Trust the Vote project, where open source tools are to be used to create a certifiable and sustainable open source voting system."

It works much like any basic movie editing software would, like Microsoft MovieMaker. So you can have music spanning several slides, and have a richer visual experience. This product is also ideal for creating stand-alone presentations that don’t require you to be there talking.

A new workshop report from the Identity Theft Prevention and Identity Management Standards Panel (IDSP) addresses various facets of how research companies measure identity theft. The report finds that disparities exist in the way that terms are defined in statute versus in practice—terms such as identity theft, identity fraud and data breach.

[...]

Rick Kam, president of ID Experts, led a team that cataloged 166 research studies on identity theft and data breach trends, identity theft protection services, and information security solutions. “Our group observed some contradictory results in research findings attributable to differences in terminology, research methodology, and even potential bias in research sponsorship,” said Kam. “We also noted a number of gaps in existing research such as the effects of identity theft versus identity fraud, breach correlation to identity theft, and the effectiveness of identity theft protection services and information security solutions.”

LOS ANGELES — California is conducting a months-long investigation into audit logs inside the state’s electronic voting systems after reports of serious flaws with the logs — including the ability for an election official or someone else to delete votes without leaving an electronic trail.

800 down, a googolplex left to shut down. Not clear from the articles how the victim notification will work.

Posted by timothy on Thursday October 22, @10:22PM from the had-to-pay-shipping-on-them-first dept.

Sooner Boomer writes

"Nigerian police in what is named Operation 'Eagle Claw' have shut down 800 scam web sites, and arrested members of 18 syndicates behind the fraudulent scam sites. Reports on Breitbart.com and Pointblank give details on the busts. The investigation was done in cooperation with Microsoft, to help develop smart technology software capable of detecting fraudulent emails. From Breitbart 'When operating at full capacity, within the next six months, the scheme, dubbed "Eagle Claw," should be able to forewarn around a quarter of a million potential victims.'"

In war and possibly in peace, China will wage cyberwar to control the information flow and dominate the battle space, according to a new report compiled for a congressional commission.

Chinese military strategists see information dominance as the key to overall success in future conflicts and will continue to expand the country's computer network exploitation capabilities, according to the report, titled "Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation."

… In a conflict, China will likely target the U.S. government and private industry with long-term, sophisticated computer network exploitation and intelligence collection campaigns, the report concludes. U.S. security agencies can expect to face disciplined, standardized operations; sophisticated techniques; high-end software; and a deep knowledge of the U.S. networks, according to the report (PDF).

Psystar said on Thursday that its Rebel EFI suite is available for download from its Web site. The software will allow anyone to install any modern operating system on their computer, including Apple's Mac OS X Snow Leopard.

… A demo version of the software is available for download so users can "test-drive" it before they buy. Psystar says the demo would allow users to install Mac OS X, but with "limited hardware functionality as compared with the full version."

… iCurrent rewards the engaged reader, but it doesn't require much work at all to make it a compelling experience. As I said at the top of this story, there's nothing really amazing here, just a good understanding of how today's users consume news, and enough technology to put that news in front of them.

… The product is in private beta now and should be available shortly. You can sign up to be alerted when it goes public. I recommend that.

Rao says iCurrent will make money from advertising. It might. It's more likely it'll make money when Yahoo or Microsoft buys it.

… The only downside with eBooks is that it is only available online in an electronic format. What happens if you want to publish it and have it in print? You are up for a lot of fees, printing, and publication costs. You need to get legal advice, find a publisher to publish your book and the list goes on.

Thankfully there is a solution where you can publish your own book, or sell it in a bookshop. The best thing is, you don’t even have to spend a cent. And here’s how.

Lulu.com allows you to sell your book in bookshops, online and allow buyers to purchase printed copies in a simple 5-step process. If you have created eBooks before, this is a service that you must use. You easily and cheaply get your book published in a printed format with its own ISBN number.

I think my website students will like this one. Collects the images from listed sites.

Iowa-based The Vernon Company recently discovered that its system had been accessed via its vernoncompany.com web site. The breach was discovered on October 6, and the company shut down the web site until the vulnerabilities were patched. Further investigation suggested that the breach originated in Singapore, and may have occurred as early as July 2009. The company notified the FBI of the incident and notified (pdf) the New Hampshire Attorney General’s Office on October 12 that 19 New Hampshire residents were affected by the incident.

The breach may have resulted in access to customers’ names, addresses, credit or debit card numbers, and card expiration dates. The company says it has no evidence that the data have been acquired or misused, and did not offer affected customers any free credit monitoring services.

Harassment on the face? Or is it a crime to get a “B” in a Journalism class?

Journalism students working on the Medill Innocence Project at Northwestern University’s Medill School of Journalism are fighting subpoenas requesting their grades, off-the-record interviews, electronic communications, notes, course syllabi, grading criteria for the course and receipts for expenses that students incurred for their investigation of the case of Anthony McKinney, who was convicted and jailed in 1978 for allegedly shooting a security guard in Harvey, Ill.

Illinois assistant state’s attorneys sent Medill professor David Protess, the instructor of the Innocence Project course, a subpoena May 20 to appear in Cook County’s Circuit Court on June 11 with the requested materials. Protess and his students retained the services of Richard J. O’Brien and Linda R. Friedlieb of Sidley Austin LLP, and they are attempting to quash the subpoena on the grounds that the students are protected by the Illinois Reporter’s Privilege Act and the Family Educational Rights and Privacy Act (FERPA), according to the Medill Innocence Project’s Web site.

Lurking innocently on Google's blog this afternoon, like many of their big announcements, was the bombshell that they have reached an agreement with Twitter to make all tweets searchable. This followed an earlier announcement at the Web 2.0 conference by Microsoft that Bing has also arranged to make tweets searchable.

This is not only a huge thing for Twitter, it is also well past due. Until now, Twitter really hasn't been a first class web citizen, because you're not really part of Web 2.0 until you're searchable by Google (and, I suppose, Bing).

… The Bing interface is interesting, it seems to be a hybrid of a web search engine and a twitter search.

Thales recently released their Key Management benchmark survey, reporting that of all the things that could drive an encryption project in IT, HIPAA and PCI DSS are the top two reasons companies are moving forward with encryption initiatives.

… Their findings show that in Europe, 52-percent of those who answered the survey are planning encryption projects so that they can comply with PCI DSS regulations. In the U.S., 53-percent said their encryption projects are based on compliance needs for HIPAA.

… Another issue with availability is key management, the central part to any encryption project, no matter what the solution is. The Thales survey showed that eight percent of those surveyed have had to deal with a lost encryption key in the last two years. [Compare with the percentage of drivers who lock their keys in the car? Bob] According to the survey report, these losses resulted in business disruptions or permanent data loss for 39-percent of those who’ve dealt with the issue.

… Moreover, when asked about their own company's plans for cloud computing, 47-percent said they would not move to the cloud unless data was encrypted, and another 43-percent said they have no cloud-based plans at all.

… But Congress has never given the FCC any authority to regulate the Internet for the purpose of ensuring net neutrality. In place of explicit congressional authority, we expect the FCC will rely on its "ancillary jurisdiction," a position that amounts to “we can regulate the Internet however we like without waiting for Congress to act.” (See, e.g., the FCC's brief to a court earlier this year). That’s a power grab that would leave the Internet subject to the regulatory whims of the FCC long after Chairman Genachowski leaves his post.

Posted by samzenpus on Wednesday October 21, @07:10PM from the play-fair-eh dept.

An anonymous reader writes

"'The CRTC today introduced a new framework to guide Internet service providers in their use of Internet traffic management practices. ISPs will be required to inform retail customers at least 30 days, and wholesale customers at least 60 days, before an Internet traffic management practice takes effect. At that time, ISPs will need to describe how the practice will affect their customers' service. The Commission encourages ISPs to make investments to increase network capacity as much as possible. However, the Commission realizes that ISPs may need other measures to manage the traffic on their networks at certain times. Technical means to manage traffic, such as traffic shaping, should only be employed as a last resort.'"

Should we offer classes in Twitter starting in grade school? Probably have replaced it by the time we work out a syllabus.

"Some 19% of internet users now say they use Twitter or another service to share updates about themselves, or to see updates about others. This represents a significant increase over previous surveys in December 2008 and April 2009, when 11% of internet users said they use a status-update service. Three groups of internet users are mainly responsible for driving the growth of this activity: social network website users, those who connect to the internet via mobile devices, and younger internet users – those under age 44."

Jason R. Baron is well known as a lawyer, writer, editor, and thought leader on e-discovery search. This blog is a 30 minute video excerpt of Jason teaching Bill Hamilton and my law school class this week at the University of Florida. Jason’s talk will give you a better understanding of the problem of search, why it is so difficult, and the latest research and trends in this area.

… Jason Baron’s efforts to bridge the disciplines of law and information science are driven by his desire to help the law cope with the sudden explosion in the volume of information. Jason is on the front line of this problem as the Director of Litigation of the National Archives and Records Administration. NARA, among other things, handles White House email litigation and other federal records disputes. He lives in a world where the management of billions of emails and government records is routine. He understands far better than most the need of law to work with science to cope with these issues.

Posted by Soulskill on Wednesday October 21, @11:07AM from the onward-and-upward dept.

ancientribe writes

"The wildly popular, open-source Metasploit penetration testing tool project has been sold to Rapid7, a vulnerability management vendor, paving the way for a commercial version of Metasploit to eventually hit the market. HD Moore, creator of Metasploit, was hired by Rapid7 and will continue heading up the project. This is big news for the indie Metasploit Project, which now gets full-time resources. Moore says this will translate into faster turnaround for new features. Just what a commercial Metasploit product will look like is still in the works, but Rapid7 expects to keep the Metasploit penetration testing tool as a separate product with 'high integration' into Rapid7's vulnerability management products."

For those times you need to play “computer security guy.” Lists 27 specific malware titles.

US broker-dealer Commonwealth Financial Network has been fined $100,000 for failing to insist its registered representatives maintain anti-virus software on their computers. The failure led to an intruder gaining access to the firm’s Intranet, accessing customer accounts and entering unauthorised purchase orders worth over $523,000.

According to an SEC cease and desist order – first published by ZDNet – an intruder used a computer virus in November 2008 to obtain the login credentials of a Commonwealth registered representative.

Some time later that month, the intruder used the login credentials to enter Commonwealth’s Intranet site and view information on how to execute trades.

Time Warner has rolled out a temporary patch and is testing a permanent fix for a security hole in a combination cable modem/Wi-Fi router that could allow anyone to access the private network of its customers, snoop on sensitive data, and direct customers to malicious Web sites.

… "We are aware of the issue and we are hard at work on a solution and have been for quite some time," [When were they going to tell their customers? Bob] Alex Dudley, a Time Warner Cable spokesman, said on Tuesday.

"The manufacturer has developed a fix," he added. "We believe it will work and we are testing it now to make sure it won't affect our network in other ways."

… Chen wrote that he discovered that the administration features of the router had been disabled via JavaScript and that he was able to access all the features of the router by disabling JavaScript in the browser. [Now that's a simple hack! Bob]

Attention Hackers and coding geeks! Here's your chance to see where your vote went!

"Sequoia blew it on a public records response. ... They appear... to have just vandalized the data as valid databases by stripping the MS-SQL header data off, assuming that would stop us cold. They were wrong. The Linux 'strings' command was able to peel it apart. Nedit was able to digest 800-MB text files. What was revealed was thousands of lines of MS-SQL source code that appears to control or at least influence the logical flow of the election, in violation of a bunch of clauses in the FEC voting system rulebook banning interpreted code, machine modified code and mandating hash checks of voting system code."

The code is all available for study or download, "the first time the innards of a US voting system can be downloaded and discussed publicly with no NDAs or court-ordered secrecy," notes Jim March of the Election Defense Alliance. Dig in and analyze.

Attention Hackers! Now you can extend the “unplug grandma” feature of the Obama Health Care Plan to anyone in Oregon! Got an irritating neighbor? Unhappy with your local politician? Sign them up!

Posted by kdawson on Tuesday October 20, @07:57PM from the riding-the-pr-coattails dept.

An anonymous reader writes

"It looks like IBM isn't much of a friend of Microsoft's anymore. Today IBM announced an extension of its Microsoft-Free PC effort together with Canonical Ubuntu Linux. This is the same thing that was announced a few weeks back for Africa (a program that began a year ago), and now it's available in the US. The big push is that IBM claims it will cost up to $2,000 for a business to move to Windows 7. They argue that moving to Linux is cheaper."

Posted by kdawson on Tuesday October 20, @02:52PM from the up-scale dept.

miller60 writes

"Google never says how many servers are running in its data centers. But a recent presentation by a Google engineer shows that the company is preparing to manage as many as 10 million servers in the future. At this month's ACM conference on large-scale computing, Google's Jeff Dean said he's working on a storage and computation system called Spanner, which will automatically allocate resources across data centers, and be designed for a scale of 1 million to 10 million machines. One goal: to dynamically shift workloads to capture cheaper bandwidth and power. Dean's presentation (PDF) is online."

Is this the future of publishing? In theory, you could pick up your newspapers, magazines and book-of-the-month club selections at your local library or supermarket.

Hewlett-Packard is announcing two projects at the Web 2.0 Summit in San Francisco on Wednesday it hopes will give new life to print--books and magazines in particular. Additions to two projects, BookPrep and MagCloud, let content that's been too expensive or difficult to print get out to readers more easily.

Tracked.com Launches Massive Structured Database Of People And Companies

by Michael Arrington on October 21, 2009

It isn’t often that a startup can raise nearly $12 million dollars and work in stealth for a year and a half without anyone noticing. But that’s exactly what Tracked has done – and today they’re launching a massive structured database for tracking people and businesses.

...You can, for example, view public company financial statements, compensation data and insider trading for public company executives, or just overviews (and news items) for countless business people and other notable individuals. You can also create watchlists of people, companies or industries, and the service will create a customized feed of news relevant to the items on your watchlist.

Tuesday, October 20, 2009

ChoicePoint was the first and remains a whipping boy in the Identity Theft field. You would think they would expend some resources to ensure they eventually get out of the headlines. My Disaster Recovery class will be discussing this tonight...

ChoicePoint, Inc., one of the nation’s largest data brokers, has agreed to strengthened data security requirements to settle Federal Trade Commission charges that the company failed to implement a comprehensive information security program protecting consumers’ sensitive information, as required by a previous court order. This failure left the door open to a data breach in 2008 that compromised the personal information of 13,750 people and put them at risk of identity theft. ChoicePoint has now agreed to a modified court order that expands its data security assessment and reporting duties and requires the company to pay $275,000.

In April 2008, ChoicePoint (now a subsidiary of Reed Elsevier, Inc.) turned off a key electronic security tool used to monitor access to one of its databases, and for four months failed to detect that the security tool was off, according to the FTC. During that period, an unknown person conducted unauthorized searches of a ChoicePoint database containing sensitive consumer information, including Social Security numbers. The searches continued for 30 days. After discovering the breach, the company brought the matter to the FTC’s attention.

The FTC alleged that if the security software tool had been working, ChoicePoint likely would have detected the intrusions much earlier and minimized the extent of the breach. The FTC also alleged that ChoicePoint’s conduct violated a 2006 court order mandating that the company institute a comprehensive information security program reasonably designed to protect consumers’ sensitive personal information.

Under the agreed-upon modified court order, filed on the FTC’s behalf by the Department of Justice, ChoicePoint is required to report to the FTC – every two months for two years – detailed information about how it is protecting the breached database and certain other databases and records containing personal information.

The FTC’s prior action against ChoicePoint involved a data breach in 2005, which compromised the personal information of more than 163,000 consumers and resulted in at least 800 cases of identity theft. The settlement and resulting 2006 court order in that case required the company to pay $10 million in civil penalties and $5 million in consumer redress. [What is it worth to the company to avoid that level of fine again? Bob] The company also agreed to maintain procedures to ensure that sensitive consumer reports were provided only to legitimate businesses for lawful purposes; to maintain a comprehensive data security program; and to obtain independent assessments of its data security program every other year until 2026. The new court order extends the record-keeping and monitoring requirements of the 2006 order, and gives the FTC the right to request up to two additional biennial assessments of ChoicePoint’s overall data security program.

The Commission vote to approve the modified stipulated order was 4-0. The order was filed in the U.S. District Court for the Northern District of Georgia, and entered by the court on October 14, 2009.

This article gets filed in our “Identity Thieves are getting more aggressive” folder. A wide variety of “petty” crimes are now tied to Identity theft, and whoever is organizing the crimes seems to be recruiting these little crooks for a small slice of the pie.

About a month ago, Target 7 reported that Rod White, of Los Ranchos, was indicted on charges of fraud, forgery and identity theft. White tried to pass off fake checks using the state Taxation and Revenue Department’s account number. Officials knew little then, but APD detectives said they have linked White to an organized crime ring that stole identities.

Investigators believe they used various methods to obtain personal information, including a stolen cache of state Motor Vehicle Division documents. One victim said a woman stole her purse right out of her hand in broad daylight at an Albertson’s in the Northeast Heights. Purse snatchings like that one led police to five more people who are also now accused in the theft ring. Those people told detectives that they worked with White. The six are accused of also stealing mail from neighborhoods all over the Duke City. Detectives said the six had a postmaster key they used to open up mail boxes and get information from hundreds of victims. A search of two of the alleged thieves’ homes uncovered more than 400 potential victims. A cache of state Motor Vehicle Division documents with names, Social Security numbers and addresses was also found. Detectives said that the documents were stolen from an MVD worker’s car, parked outside of his home. [Why paper records? Why take the records home? Bob] The documents were used to make fake IDs and fake checks. Police said more arrests are coming soon as the case unfolds.

So I checked this site and I don’t see where we knew about any breach involving the Motor Vehicle Division. Was that breach ever publicly reported? Second, why did the MVD worker have documents in a car? Was that consistent with MVD policy?

A security breach in the credit-card processing system at Cheers Liquor Mart involves both credit and debit cards and likely involves customers of dozens, if not hundreds, of financial institutions nationwide, the Colorado Springs-based retailer said today.

Cheers has shut down a wireless broadband system that was used to process credit-card transactions and replaced it with an older dial-up system that is more secure and difficult to hack, said James Wall, a Denver-based spokesman for Cheers. The wireless broadband system was first accessed illegally in mid-September, and was shut down last week and replaced with a paper-based system until the dial-up system was installed on Friday, he said.

A detailed membership list of the British National party containing names, addresses and telephone numbers was published on the internet this morning.

The list, which contains thousands of names, was published on Wikileaks, a website that purports to be a clearing house for information to be published anonymously. [link to list inserted by Dissent]

[...]

The publication of the list represents the third significant time the details of the BNP’s membership have been made public. In November 2008, a list of members’ names, contact details and in some cases jobs and hobbies was leaked by disgruntled members said to have become frustrated that the party had become too soft under Griffin.

… In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using “open source intelligence” — information that’s publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.

Who are they trying to sell? No details, no facts, only a lot of “wouldn't it be cool to do this” kind of scenes – sounds like they are targeting politicians.

Posted by timothy on Monday October 19, @03:33PM from the greater-good-strikes-back dept.

Ronald Dumsfeld writes

"Wikinews puts together some of the details around the EU's five-year-plan called Project INDECT, and brings attention to a leaked 'sales-pitch' video: 'An unreleased promotional video for INDECT located on YouTube is shown to the right. The simplified example of the system in operation shows a file of documents with a visible INDECT-titled cover stolen from an office and exchanged in a car park. How the police are alerted to the document theft is unclear in the video; as a "threat," it would be the INDECT system's job to predict it. Throughout the video use of CCTV equipment, facial recognition, number plate reading, and aerial surveillance give friend-or-foe information with an overlaid map to authorities. The police proactively use this information to coordinate locating, pursuing, and capturing the document recipient. The file of documents is retrieved, and the recipient roughly detained.'"

"NIEM, the National Information Exchange Model, is a partnership of the U.S. Department of Justice and the Department of Homeland Security. It is designed to develop, disseminate and support enterprise-wide information exchange standards and processes that can enable jurisdictions to effectively share critical information in emergency situations, as well as support the day-to-day operations of agencies throughout the nation. NIEM enables information sharing, focusing on information exchanged among organizations as part of their current or intended business practices. The NIEM exchange development methodology results in a common semantic understanding among participating organizations and data formatted in a semantically consistent manner. NIEM will standardize content (actual data exchange standards), provide tools, and managed processes."

(Related) Interesting in that they didn't require him to decrypt his files. Would the results be different if he had been charged with terrorism? Perhaps they haven't heard of waterboarding?

A newspaper which continued to publish a defamatory article on its website after its subject was cleared in an investigation lost its right to claim a special journalistic defence against libel, the High Court has said.

The ruling makes it clear that while responsible journalism is given some libel protection, that protection can evaporate if the crucial facts of the case change. Web archives of stories must change to reflect this, the ruling said.

The ruling not only is significant for traditional publishers, but is also of concern to bloggers, who have been increasingly under legal assault. Simon Singh, who has been sued by the British Chiropractic Association for libel, had an interesting column last week in The Times, “England’s libel laws don’t just gag me, they blindfold you,” in which he wrote:

One of the main fears, expressed repeatedly during the evening, was the sheer cost of a libel case. Although the damages at stake might be just £10,000, going to trial can mean risking more than £1m. This means that a blogger has to ask whether he or she can afford the possibility of bankruptcy. Even if a blogger is 90% confident of victory, there is still a 10% chance of failure, which is why bloggers often back down, withdraw and apologise for material they believe is true, fair and important to the public.

I should point out that I am being sued for libel by the British Chiropractic Association. Indeed, last week I was at the Court of Appeal where I received permission to appeal against an earlier ruling on the meaning of my article. The original article was published 18 months ago, the case has cost me £100,000 and there is still a long way to go. My reason for not backing down is that I believe my article is accurate, important and a matter of public interest, as it relates to the use of chiropractic in treating various childhood conditions, such as asthma and ear infections.

But as Singh points out, the reality is that most bloggers do not have the resources he has to fight libel or defamation suits, even if their stories are accurate or are protected speech. This latest UK ruling seems to open up a new Pandora’s box, and seems to suggest that once a story is published, the publisher is responsible for it in perpetuity should important facts come out later that could affect someone’s reputation.

… We’ve already seen journalists in the United States granted permission to tweet while in court, but Australia is breaking some interesting ground when it comes to Twitter and the legal system.

After a recent trial that involved journalists tweeting the proceedings, FOXNews is reporting that the Federal Court in Australia has decided that as with other media, individual judges will be able to decide on a case by case basis if they will allow live Twitter coverage from within their courtrooms.

Apparently earlier in the month two technology journalists, one from ZDNet Australia, used Twitter to report live regarding an iiNet copyright case around movie piracy. The presiding judge, Dennis Cowdroy, soon became aware of their tweets, but saw no issue with their behaviors.

I don't see this as a battle of “the haves vs. the have nots.” Rather it seems a battle of “the we know how to use the Internet vs. the what are you doing with our telephone lines?”

Britain has established a privacy law by stealth which has made inroads into all parts of society, a leading human rights law review shows today.

The use of legal arguments based on the claimant’s right to a private life was once almost exclusively restricted to cases brought by celebrities against newspaper groups, but just two of the 28 privacy court cases reported in the last year had any connection with the traditional battle between high-profile individuals and the media.

[...]

Jonathan Cooper, barrister at London’s Doughty Street Chambers and the editor of Sweet & Maxwell’s European Human Rights Law Review, said the UK’s legal system was “playing catch-up with other countries where the concept of privacy has been taken more seriously”. He added: “The absence of privacy rights has been a defect of UK law.”

I don’t think that secrecy of signatures is constitutionally mandated by the First Amendment, just as I don’t think that a secret ballot is constitutionally mandated by the First Amendment. True, the anonymous speech precedents bar the government from requiring that people sign their political statements. But political statements are just speech. Signing an initiative, referendum, or recall petition is a legally operative act — it helps achieve a particular result not just because of its persuasiveness, but because it is given legal effect by the state election law.

The government is surely entitled to require that people who want their signature to have such a legally operative effect must disclose their identities to the government. And I see no reason why the government might not then disclose those identities to the public, who after all are in charge of the government. To do that is to inform the people about who is taking legally operative steps to change the state’s laws (or the state’s elected representatives, in the case of a recall).

MADISON, Wis. – To promote his recent campaign for mayor of St. Petersburg, Fla., Scott Wagman bought an ad that popped up online when anyone ran a Google search for his opponents' names.

He was hardly the first to employ the tactic, which didn't stop a rival campaign from complaining the ad did not have a "paid for by" disclaimer. The Florida Elections Commission ordered Wagman to remove it and pay a $250 fine, even though the required disclaimer was longer than the 68 characters allowed in the text of the ad, which wasn't "paid for" until someone clicked on it.

Competitive Intelligence - A Selective Resource Guide - Updated and Revised October 2009: Sabrina I. Pacifici's completely revised and updated pathfinder focuses on leveraging selected reliable, focused, free and low cost sites and sources to effectively profile and monitor companies, markets, countries, people, and issues. This guide is a "best of list" of web, database and email alert products, services and tools, as well as links to content specific sources produced by government, academic, NGOs, the media and various publishers.

(Related) So will Wall Street go RIAA on them, or just wait for the SEC?

When I wrote about KaChing last December, the site was a fantasy stock market where you could track the pretend portfolios of other investors. But the game of make-believe is coming to an end at the company, and KaChing is now letting users attach real money to their accounts. In doing so, this company is taking on the $11.5 trillion U.S. mutual fund industry. It looks like a great opportunity, both for the investors in the company and consumer equity investors.

Posted by kdawson on Monday October 19, @01:11AM from the clouds'-illusions-i-recall dept.

jg21 writes

"With the federal government about to spend $20B on IT infrastructure, this highly analytical article by two Booz Allen Hamilton associates makes it clear that cloud computing has now received full executive backing and offers clear opportunities for agencies to significantly reduce their growing expenditures for data centers and IT hardware. From the article: 'A few agencies are already moving quickly to explore cloud computing solutions and are even redirecting existing funds to begin implementations... Agencies should identify the aspects of their current IT workload that can be transitioned to the cloud in the near term to yield "early wins" to help build momentum and support for the migration to cloud computing.'"

Google continues to hit milestones with Google Apps – 2 million businesses and 20 million users in over 100 countries and 40 languages (up from 1.75 million businesses in June). And they aren’t slowing down the advertising, either.

Strangely enough, this too relates to high-volume search and analysis.

At the world’s largest book fair in Frankfurt, the European Union officially launched the EU Bookshop’s digital library, an archive of 50 years of documents in about 50 different languages, all available online for free.

… The library’s contents will also be a part of Europeana, a very impressive site we’ve written about before and devoted to all things European.

About Me

I live in Centennial Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.